Re: New ADSL user - need net and firewall help

• Previous message: Marc Shapiro: "gphoto2 and Polaroid Fun! Flash 640 SE"
• In reply to: Russ Cook: "New ADSL user - need net and firewall help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sun, 6 Jun 2004 00:33:58 +0100
To: debian-user@lists.debian.org

On Sat, Jun 05, 2004 at 11:35:05AM -0500, Russ Cook wrote:
> Please help. For many years I have been using Debian Linux on machines
> at home, including a machine dedicated for dial-up access and
> masquerading for my home lan. My lan also consists of two windows
> machines for family members.
>
> DSL just became available in my area, and we subscribed. Now I need
> help getting my lan reconfigured to use the DSL modem and still protect
> my lan from the outside world.
>
> The modem is set up as a NAT device, and is configured for DHCP on my
> side of the interface. I've never used DHCP under Linux, and don't have
> a server set up. I access the modem via Ethernet, which means my
> firewall machine now needs a second card so my Lan can remain connected.
> I can access the internet with my Linux machine by setting my IP address
> manually to the default IP in the modem, which is 192.168.1.2. The
> modem retains 192.168.1.1 for itself, and translates to a different set
> of addresses on the 'internet' side. To complicate things, the address
> the modem expects me to access it with conflicts with my home lan, which
> uses 192.168.1.0 addresses. So, it appears I may have to reconfigure my
> home lan for a different block of addresses for the second ethernet card
> to access, and bridge between the two ethernet cards in my linux
> gateway. I have little actual experience with routing and firewalls, I
> tend to learn what I need for the task at hand, and then leave things
> alone unless they break. Consequently, I forget most of what I learn by
> the time I need it again. I have heard of PPPOE, and my provider has
> mentioned it to me, but they say the modem is set up for DHCP. My
> complication comes because I want to retain my own ip masquerading and
> firewall capability.
>
> Can anyone help me or point me to some step-by step reference material?
>
> Thanks much,
> Russ

Not entirely clear about your DHCP thing... My ADSL modem/router uses
DHCP on "my side" and getting it to work simply involves
- having dhclient installed
- having the following in /etc/network/interfaces:

auto eth1
iface eth1 inet dhcp

(eht1 being the card connected to the modem).

If it's then giving you an address that conflicts with your home LAN,
you may be able to log into its web interface and configure it to use
a different range. If it's not capable of this, I think you are indeed
stuck with reconfiguring your entire home LAN (someone correct me if
I'm wrong).

Keeping your firewall rules working is straightforward... assuming
your dialup setup had the LAN on eth0 and the dialup on ppp0, and now
you have LAN on eth0 and DSL on eth1, just go through and change all
the references to ppp0 to eth1. (Depending on how you generated these
rules, they may be in a script which accepts the interfaces as
command-line parameters.)

The equivalent directories to /etc/ppp/ip-{up|down}.d to put the
"start" and "stop" firewall scripts in are /etc/network/if-{up|down}.d.

If your current firewall is doing any port forwarding of incoming
connections, that will still work of itself, but you will also have to
tell the DSL modem to forward the relevant ports to the firewall box.
On my modem this is a bit crap because the address you tell it to
forward to is static, but in fact the address is allocated via DHCP
when you bring the interface up and therefore could possibly change.
Mine always gets the same address, so that's what I put in.

I have my modem/router in "router" mode (with only one of its ethernet
ports in use, connected to the firewall box) rather than "bridge" mode
because "bridge" mode doesn't work, AFAICT because the modem/router is
crap ("router" mode didn't work either until I updated its firmware).
This means that the PPPoE stuff is handled entirely by the modem; as
far as the Linux box is concerned it's a straightforward ethernet
connection. Since you say your modem is set up as a NAT device this is
probably the case for you too.

-- 
Pigeon
Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• application/pgp-signature attachment: stored

• Previous message: Marc Shapiro: "gphoto2 and Polaroid Fun! Flash 640 SE"
• In reply to: Russ Cook: "New ADSL user - need net and firewall help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]